Some people, no matter their reasons — be they illegal activities, extramarital affairs, general paranoias, or human decencies — really want privacy. Especially when it comes to their messaging.
These people would tell you that Facebook Messenger is not to be trusted and that Google’s Hangouts is a definite no-no; WhatsApp, they might say, is worst of them all. (And they would be right.)
a. Encrypted in transit?
b. Encrypted so the provider can’t read it?
c. Can you verify the contacts’ identities?
d. Are past comms secure if your keys are stolen?
e. Is the code open to independent review?
f. Is security design properly documented?
g. Has there been any recent code audit?
Of the most popular messaging apps, all were fairly dismal at security. Apple is the sole exception, but even it is imperfect: iMessage and FaceTime met five of these seven, failing to meet criteria c. and e. (And yet Apple continues to both fight for encryption and publicly denounce the government’s attempts to decrypt accused-criminals’ iPhones and private communications.)
Other popular apps got just two of seven, failing to meet criteria b. through f., including Facebook chat, Google Hangouts/Chat (even when “off the record”), Snapchat, and WhatsApp. The rest were laughable: AIM, Yahoo Messenger, Skype, and Blackberry Messenger scored only one point; all failed to meet criteria b. through g.
Kik got none. (Ron Burgundy comes to mind.)
Only six messaging apps met each of the seven criteria; only six got 7/7. (A ranking of the most popular messaging apps and their associated security ratings is below.) Here’s they are, for all your private conversational needs:
- Acquired by Twitter in 2011
- iOS & Android
- Created by exiled Russian Pavel Durov
- iOS, Android, Windows Phone, & Ubuntu Touch; Mac OS X, Windows, & Linux
- Created by PGP’s founder and co-founder
- Offer a product, Blackphone, that’s “the world’s first smartphone built from the ground up to be private by design.”
- Silent Phone: Silent Circle’s software for iOS & Android
- Used by whistleblower Chelsea Manning
- Connects with AIM, MSN, Google Talk, and more chat clients
- Mac OS X, Windows, & Linux
- Created by then-17-year-old Nadim Kobeissi
- iOS; Mac OS X; extension for Chrome, Firefox, Safari, & Opera
- Part of [The Guardian Project](https://en.wikipedia.org/wiki/TheGuardian_Project(software)
- iOS & Android
And there you have it. Trust that the EFF will update their scorecard if anything changes. In the meantime: safe messaging. (And know that, if you’re really breaking laws, the government can probably find a way to prove it.)